Data privacy at a glance

The safety of your data and your personal rights when we collect, process and use your personal information is very important to us. We are therefore fully committed to complying with all legal privacy protection requirements, in particular the General Data Protection Regulation (GDPR) of the European Union and the German Data Protection Act (BDSG). Below please find a brief summary of what we do to protect your data, and what using our (online) services entails for you.

We typically collect personally identifiable information when you contact us, i.e. by visiting our fairs, using our online portals and services, or visiting our websites (Hamburg Messe company website, CCH company website, webpages dedicated to events organised by us). In addition, we also process contact data that was not collected directly from the person concerned and, if necessary, saves this data to existing data records. For this purpose, we research contact data of potential customers from public directories for promotional customer contact.”

Personally identifiable data includes any data referring to an identified or identifiable natural person, such as the person’s name, residential address, e-mail address etc.

The explanations below provide you with an opportunity to get fully informed about your legal rights and the way Hamburg Messe und Congress processes your data. Feel free to contact us personally if you have any further questions regarding data privacy. 

Status: June 2023

I. General provisions regarding data processing

Hamburg Messe und Congress GmbH is responsible for processing information on our webpages.

Hamburg Messe und Congress GmbH (HMC)
Business Management/Geschäftsführung
Messeplatz 1
20357 Hamburg
Germany

ph.: +49 (0)40-3569-0
E-mail: info(at)hamburg-messe(dot)de
Website: www.hamburg-messe.de

We have appointed a Data Protection Officer for our company’s business operations.

Datenschutzbeauftragte/Data Protection Officer
Hamburg Messe und Congress GmbH
Messeplatz 1
20357 Hamburg
Germany

ph.: +49 40 3569-0
E-mail: privacy(at)hamburg-messe(dot)de

a. Information, rectification, erasure, restriction of processing, and data portability

According to the GDPR, you as a Data Subject have the following rights:

  • GDPR, Art. 15: Data Subject’s right to information
    You have the right to request and obtain from us information regarding the type of personal data we process about you.
  • GDPR, Art. 16: Right to data rectification
    To the extent that your personal information is incorrect or incomplete, you have the right to request rectification of incorrect and completion of incomplete information.
  • GDPR, Art. 17: Right to erasure
    Under the conditions specified by GDPR, Art. 17, you may demand that your personally identifiable data be erased. Whether or not you are entitled to have your data erased will depend on various factors, including without limitation whether we need to maintain your data to fulfil our contractual and legal duties.
  • GDPR, Art. 18: Right to restrict processing
    You may demand restriction of the processing of your personally identifiable data under GDPR, Art. 18.
  • GDPR, Art. 20: Right to data portability
    Under the conditions specified by GDPR, Art. 20, you may demand that your personally identifiable data which you have provided to us be erased, be made available to you in a structured, common, machine-readable format, or transmitted to another Data Controller. 
b. Revoking a consent

If you have given your consent to your data being processed, you may revoke your consent at any time. Your revocation will apply to any future processing of your personally identifiable data from the time you submit your revocation to us. Any processing of your data on the basis of other legal provisions, if applicable, shall likewise remain unaffected. To the extent that your consent was the sole legal basis for processing your data, provided there is no legitimate interest on our part in processing your data pursuant to GDPR, Art. 6(1), p.1 (f), we will promptly erase your data upon receiving the revocation of your consent.

c. Objection to the processing of personally identifiable data

To the extent that we process your personally identifiable data based on a balancing of interests (GDPR, Art. 6(1), p.1 (e) or (f)), you may, on grounds arising from your particular situation, make an objection against the processing of your data. This may apply in particular if data-processing is not necessary to perform a contract with you as explained below. When you exercise your right of objection we request that you explain your grounds for prohibiting us from continuing to process your personally identifiable data. Upon receiving your well-reasoned objection, we will review the facts and either stop processing your data, or limit the extent of our data-processing, or explain to you the compelling reasons meriting protection for our continued processing of your data.

Notwithstanding the above you may at any time object to your personally identifiable data being processed for purposes of advertising and data analytics, without incurring any costs other than the costs of transmission according to applicable base rates.

You may direct any further questions regarding this as well as any other privacy protection matters to the Company Data Protection Officer at privacy(at)hamburg-messe(dot)de

d. Right to lodge a claim to the supervisory authority

You have the right to lodge a complaint to the supervisory authority if you believe your data is being processed in an unlawful manner. The address of the supervisory authority responsible for us is as follows:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4
20097 Hamburg, Germany

If required, we will transfer your personally identifiable data from contract preparation or contract execution (master data, contact information) to third parties supporting us in performing our contractual duties or working with us or performing necessary activities, provided that you have requested this cooperation or transfer. Since these third parties may vary depending on the particular services, we will notify you of any such data processing on a case-by-case basis. However, we generally assume that your interest is consistent with our interest in performing the contract. In these cases we cannot enable contract performance without transferring your data to third parties.

We may contract external service providers to perform some processing of personally identifiable data. We have selected and commissioned these providers carefully. They are under obligation to adhere to our instructions and are monitored on a regular basis. They may include the following categories of data recipients:

The following are categories of potential recipients of your personally identifiable data:

  • External contractors providing data processing services or other contract services (such as IT services, services for online invitation management tools, banking services, communication services, specific services to our finance department, data media disposal services, companies providing creditworthiness checking, ticketing, postal communications, exhibition stand construction or catalogue entry services),
  • Transport services
  • Government agencies (such as the Federal Labour Agency)
  • Courts of law in the event of legal disputes or other legal matters
  • Courts of law and lawyers or solicitors in the event of legal disputes or other legal matters as well as legal consultation
  • Auditors, tax consultants
  • Recruiting agencies supporting us in making hiring decisions, if applicable
  • Exhibitors: When you redeem an exhibitor's admission code or if you are directed via affiliate link of an exhibitor (Affiliate Program) to the ticket shop of HMC and register there, we will transfer your personal data (name, address, communication information) to the respective inviting or advertising exhibitor. In this way, the exhibitor is able to control his customer approach in a more targeted manner in the future. You can object to this at any time at privacy(at)hamburg-messe(dot)de.
  • Co-operation Partners: In preparing for the WindEnergy Hamburg event, we will transfer the registration information of participants in the WindEurope Conference to our cooperation partner, the conference organiser WindEurope, for required business transaction processing. Furthermore, our cooperation partner WindEurope would like to inform you by e-mail about the latest conference details. You may object to this at any time by sending a message to privacy(at)windeurope(dot)org .
  • Co-operation Partners: In preparing for the Polaris event, we will transfer the registration information of participants to our cooperation partner, RCADIA Group GmbH, for required business transaction processing. Furthermore, our cooperation partner RCADIA Group GmbH would like to inform you by e-mail about the latest event details. You may object to this at any time by sending a message to info(at)rcadia(dot)de .
  • Co-operation Partners: In preparing for the Seatrade Europe event, we will transfer the registration information of participants to our cooperation partner, Informa Markets, for required business transaction processing. Our cooperation partner, Informa Markets, would also like to inform participants via email or mobile phone/SMS about the latest news on the event, send notifications or reminders on site, and share useful information about hotel bookings, matchmaking, the app, etc. This can be object at any time by sending a message to seatrade-europe@hamburg-messe.de.

Your personally identifiable data will not be disclosed to anyone for advertising purposes. 

In fulfilment of contractual purposes or to perform pre-contractual activities with potential or confirmed exhibitors as well as potential or confirmed visiting companies from third countries (GDPR, Art. 6(1)(b)), we will transmit personally identifiable data to our Foreign Representatives in the relevant country. This applies to the following personally identifiable data: Company information including address, name of the contact person, communication information, industry, product interest, contract and billing information where applicable, exhibitor-/ product interest, payment information.

In the case of industry fair representatives or visiting companies from foreign countries, the name of the visitor may be transmitted to the company in the foreign country, as well unless such transmission is expressly objected to. The registration data of a company visiting industry fairs whose representative contacts an exhibitor may – with the visitor's consent – be transmitted to the exhibitor being visited, whether the exhibitor's domicile is in Germany, the EU or any other country.

The registration data of a company whose representative contacts an exhibitor at its exhibition stand may – unless the visitor objects to his data being scanned from the barcode of his admission ticket – be transmitted to the exhibitor being visited, whether the exhibitor's domicile is in Germany, the EU or any other country.

If we transmit personally identifiable data to third parties outside the European Union or the European Economic Area, we will ensure data transmission does not occur unless the data recipient enters into a contractual agreement with us to apply equivalent data protection and data security standards; an adequate level of data protection exists on the recipient's side; you have given your consent to the transmission of your data; or the transmission of your data is legally permissible for other reasons, for example upon your request to prepare and/or perform a contract with you.

Two review a list of all our international offices, please visit our web page

FOREIGN REPRESENTATIVES

Your personally identifiable data will be erased as soon as the reason for their storage ceases to exist. Furthermore, your data may be stored if such storage is required under European or national legislation as per EU regulations, laws or other provisions applicable to the Data Controller, or if continued storage is necessary in individual cases where a claim is or may be raised against us in connection with a contract or pre-contractual activities. In the event that a legal retention obligation prevents us from deleting your data, we will initially block your data and delete them upon expiry of the legal retention period.

This provision applies to all data processing activities mentioned in this Data Privacy Policy unless expressly stipulated otherwise.

You are not under any legal or contractual obligation to transmit any personally identifiable data to us. However, in the event that you wish to enter into a contract with us, it will be necessary for you to provide personally identifiable data. If you choose not to transmit any personally identifiable data to us in a given case, you will not be able to enter into a contract with us.

We process your data in part automatically in order to inform you about our events in a relevant manner. This allows us to communicate with you and present you with advertisements based on your needs.

However, we only do so on condition of your express consent according to GDPR, Art. 6(1)(a). You may object to our processing of your data, or revoke your consent at any time.

We reserve the right to change this Data Privacy Policy at any time, provided that the changes only affect future use. The most recent version will always be available on this website. Please visit this website from time to time to familiarise yourself with the current data privacy terms and conditions.

II. Information regarding specific data-processing activities

A. Type and purposes of data-processing, legal basis, and data storage

When you use our webpages, various personally identifiable data items are collected. The provisions below explain what kinds of data we collect and how we use them. 

Persons under the age of 16 should not transfer any personal data to us without the consent of their parents or guardians. We do not request personal data from children and adolescents. We do not knowingly collect such data and do not pass it on to third parties (Protection of minors).

(1) Server log files

The provider of our webpages collects and stores information automatically in so-called server log files which your browser programme transmits to us automatically. The information transmitted includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • HTTP status code and the volume of data transmitted
  • Host name of the accessing computer
  • Time of the server query
  • IP address.

These data are not combined with any other data sources.

Data processing is based on GDPR, Art. 6(1)(f). 

(2) Cookies

Our webpages may use so-called cookies. Cookies do not cause any damage to your computer and do not contain any computer viruses. We use cookies to make our services more user-friendly, more effective, and safer. Cookies are small text files which are stored on your computer by your browser software.

Most of the cookies we use are so-called Session Cookies which are deleted automatically when your visit ends. Other cookies remain on your device until you delete them. These cookies allow us to recognise your browser the next time you visit our webpages.

You have the option of adjusting your browser settings so you will be notified every time a cookie is about to be set, so that you can allow cookies in selected cases only, reject cookies in other cases or in general, and enable automatic deletion of cookies when you close your browser. Disabling cookies may restrict the functionality of our webpages.

Cookies that are required to perform electronic communication transactions or enable certain features you wish to use (e.g. the shopping basket feature) are stored on the basis of GDPR, Art. 6(1)(f).

The website operator has a legitimate interest in the storage of cookies which ensure that its services are provided in a technically error-free and optimised manner.

In addition, we use cookies to personalize content and advertisements, to provide social media features, and to analyze traffic to our Web site. We also share information about your use of our site with our social media partners, advertisers and analysts. Our partners may combine this information with other information you have provided to them or collected in connection with your use of the Services. All marketing and analysis cookies are only set if you expressly agree to this the first time you visit a website in the appropriate dialog box. You can then change this setting at any time using the "Cookie Policy" tab (top right of each of our websites).

(3) Contact form and e-mail contact

When you send us a request using our contact form or by e-mail, we will store your information provided on the enquiry form or in your e-mail message, including the contact information provided by you, for the purpose of responding to your enquiry and any potential follow-up questions. We will not disclose this information to anyone without your consent.

This means that the data you enter into the contact form or e-mail message will be processed exclusively on the basis of our legitimate interest (GDPR, Art. 6(1), p.1 (f).  If the purpose of the e-mail or contact form correspondence is to enter into a contract, GDPR article 6(1), p.1 (b) provides an additional legal basis.

We process the information from the contact form or your e-mail message solely to arrange our interaction with you. This constitutes the required legitimate interest in processing the data. The data provided by you through the contact form or your e-mail message will be stored pursuant to Item I.6. 

(4) Newsletter

With your consent, you may subscribe to our newsletter which we distribute to inform you about our current programmes available to interested parties.

We use the so-called double-opt-in method for newsletter subscription registrations. If you would like to subscribe to our newsletter, which is offered on our webpages, we will need an e-mail address for you. Following your registration using your e-mail address we will send you an e-mail message to the address you provided. In this e-mail message we will ask you to confirm that you agree to receive the newsletter. If you do not confirm your registration within 7 days, your information will be temporarily blocked, and erased automatically no later than seven days thereafter. You will not be required to provide any further data but may do so voluntarily. We will use your data exclusively for the purpose of sending you the required information. We will not disclose your data to any third parties.

The data you enter into the newsletter subscription form will be processed exclusively as agreed by you (GDPR, Art. 6(1), p.1 (a)). The legal basis for sending the newsletter following the sale of products or services is the German Unfair Competition Act (UWG), section 7(3).

You may at any time revoke your consent to the storage of your data and e-mail address and to their use for the purpose of sending you the newsletter, for example by using the link ABMELDEN/UNSUBSCRIBE found in the newsletter, or by sending an appropriate message to the contact address indicated in the Imprint. The legality of any data processing prior to your revocation will remain unaffected.

We will store the data you have provided for the purpose of receiving the newsletter until you cancel your newsletter subscription, and erase your data upon your cancellation as stipulated under Item I.6. Data stored by us for other purposes (e.g. e-mail addresses for the ticket shop or the Online Service Center) will remain unaffected.

(5) Registering on our webpages and on site

(Ticket shop, Online Service Center, Wi-Fi, job applicant management, journalist accreditation, press mailing list, saving favorites)

You may register on our webpages for the use of additional website features. We will use the data entered by you exclusively for the purpose of enabling usage of the relevant services that you have registered for. The information required for registration must be provided in full. We cannot accept incomplete registration.

Registration is required to purchase online tickets. This will require you entering your personally identifiable data, which we need to process your ticket order. The information required for contract performance is marked appropriately. All additional information will be provided at your own discretion. You may also register with us using your Xing, LinkedIn or Facebook account. If you choose to do so, your Xing, LinkedIn or Facebook profile data will be transmitted to us, provided that you have given your consent. We will process the data provided by you or transmitted to us via Xing, LinkedIn or Facebook for the purpose of processing your order and maintaining your customer account.

The data you provide when you register will be processed on the basis of your consent (GDPR, Art. 6(1), p.1 (a)). You may revoke your consent at any time pursuant to Item I.3.b. You may do so in an informal e-mail message to us. The legality of any data processing performed previously will remain unaffected by your revocation.

To the extent that it is necessary to process personally identifiable data in fulfilment of a contract between ourselves and the Data Subject, Art. 6(1), p.1 (b) of the GDPR provides the legal basis. The same applies to any data processing that is necessary to perform certain pre-contractual activities.

Provided that processing your data is necessary for us to safeguard our legitimate interests, the alternative legal basis will be GDPR, Art. 6(1), p.1 (f). We process the information from the relevant contact form solely for the purpose of providing this or the relevant other service. This constitutes the required legitimate interest in processing the data.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c DSGVO serves as the legal basis for the processing of this data.

The above also applies to the purchase of tickets to trade events on site. In order to attend trade events, identification as a trade visitor is also required.

In addition, we process your data so that we can put visitors in touch with suitable exhibitors or contact persons as part of our matchmaking service (matchmaking functionality, see II.7).

If you place an ORDER AS A GUEST, we will process your data exclusively for executing the purchasing contract. Your data will not be used for any further marketing purposes unless you have given your express consent to receiving customer messages from us (GDPR, Art. 6(1), p.1 (a)).

In the event of major changes to the services we offer, or any changes necessary for technical reasons, we will use the e-mail address you provided with your registration to notify you accordingly. We may also use your data for marketing purposes among our customer base.

(6) Job applicant registration on our webpages

The “Career” section of our website will take you to our job application portal were you may submit a job application to us.

Your personally identifiable data will be used and processed by us for the purpose of making a hiring decision about you.

The legal basis for processing your data will be GDPR in connection with the German Federal Data Protection Act (BDSG), sec. 26. Furthermore, personally identifiable data may be processed under other provisions of labour and social law as amended, in particular those pertaining to the rights of employees at their place of work. To the extent that processing personally identifiable data is required to fulfil a legal obligation of the Data Controller, the legal basis is Art. 6(1), p.1 (c) of the GDPR.

Personally identifiable data processed for the purpose of making a hiring decision will be deleted as soon as processing is no longer required to arrive at a hiring decision. This means that the duration of data storage depends on the duration of the decision-making process.

Applicants who have received a rejection message will be told upon completion of their application process that HMC would like to store their data for potential future job openings. If this is not desired, the data will be deleted. 

If you have sent us an unsolicited application which does not respond to a specific job opening advertised by us, we will likewise process your personally identifiable data so as to make a hiring decision. The above stipulations apply mutatis mutandis. As a matter of principle, we will erase your data if we do not anticipate being able to make use of your personally identifiable data for making a hiring decision in the foreseeable future, or if you do not want us to store your data for potential future job openings.

Your personally identifiable data may be used to assert, exercise or defend legal claims, provided that you or we have or wish to assert any such legal claims. 

The legal basis of data processing in these cases is GDPR, Art. 6(1), p. 1 (f). In such an event, the Data Controller's or any third party's legitimate interests shall be the assertion, exercise or defence of a legal claim. If you give us your consent to processing your personally identifiable data, your written consent shall at least constitute part of the legal basis of data processing (GDPR, Art. 6(1), p. 1 (a)).

Conceivably, this might result in a storage duration beyond the time at which a hiring decision is made. For example, this would be the case if there is any indication that you might assert legal claims against the Data Controller. In this case, the data will be stored for the amount of time needed to assert, exercise or defend such legal claims. The criteria for determining an appropriate storage duration may include the terms stipulated by the German General Equal Treatment Act (AGG; sec. 15(4)(1)) as well as the German Labour Court Law (ArbGG; sec. 61(b)), as well as statute of limitations rules and legally stipulated retention periods. Furthermore, the data may be stored if such storage is provided for or required under European or national legislation as per EU regulations, laws or other provisions applicable to the Data Controller. If you have agreed to your data being stored for an unlimited time period, your data will be erased as soon as you revoke your consent.

There are no intentions to transmit your applicant data to other countries outside the European Union, however, such transmission cannot be entirely excluded to the extent that it is legally permissible.

You are under no obligation to provide any personally identifiable data to us for the purposes of a job application. However, we are unable to conduct an evaluation of your application without you providing any information allowing us to assess your suitability and availability or to contact you. 

(7) online invitation management tool

At some events we work together with service providers such as Guest Company. The service provider provides us with an online invitation management tool for events which allows us to distribute free (online) invitations, reminders, registration confirmations and admission tickets for events. We have entered into a data processing agreement according to GDPR, Art. 28 with the service providers. Data is processed exclusively for the purpose of sending invitations to a selected group of recipients.

The service provider generally receives the following personal data from us for this purpose:

  • Mr/Mrs/Dr
  • Title
  • First and last name
  • Function
  • Department
  • Company
  • Address
  • E-mail address

In addition, we may receive data from our cooperation partners which we may have processed by the service provider on their behalf according to GDPR, Art. 28.

The legal basis for processing this data is provided by GDPR, Art. 6(1)(f) ("legitimate interest") and the German Unfair Competition Act (UWG), section 7(3). The data will be deleted as soon as it is no longer needed for the processing purposes.

You may object to the use of your data for the purposes given above at any time, or revoke your consent, by sending a message to privacy(at)hamburg-messe(dot)de. If you choose to ask for deletion of your personally identifiable data stored by us, we will comply immediately unless our documentation and retention obligations require us to do otherwise. 

If you provide personal data of accompanying persons, we assume that their consent has been obtained. This data will also be deleted after the event.

(8) Social Media

Hamburg Messe und Congress GmbH maintains publicly accessible profiles in social networks and social media channels for public relations, external presentation, customer acquisition, advertising and communication with participants in social networks. The legal basis for data processing is the legitimate interest of Hamburg Messe und Congress in a corresponding public presence and the initiation and maintenance of business contacts (Art. 6 (1) (f) GDPR).

Our social sharing is limited to copying the current page URL and a link to the respective platform. No data is exchanged in this process.

(a) YouTube Plug-In

YouTube LLC (operated by Google), 901 Cherry Ave., San Bruno, CA 94066, USA; policies.google.com/privacy;

Some sub-pages may temporarily provide video files in a YouTube frame that you may replay. Any time you play such a video you actually access the website www.youtube.de of Google Inc. through the frame. We have no influence on the scope of your data collected by Google Inc. when you access the YouTube website, or Google's handling of your data. Both are subject to the legal responsibility of Google Inc. However, you may find further information on Google's handling of your data by following this link: policies.google.com/privacy

(9) Web Analytics

Our webpages may use the web analytics services of Google Analytics. These services are provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google analytics uses so-called cookies. These are text files that are stored on your computer to analyse the way you use our webpages. The information cookies generate about your use of our webpages is typically transmitted to, and stored on, a Google server located in the United States.

On our webpages we have enabled the IP anonymisation feature. This feature causes Google to truncate your IP address within European Union member countries or other signatory countries of the European Economic Area Agreement before transmitting the address information to the USA. In exceptional cases, the full IP address is transmitted to a Google server located in the USA, and truncated subsequently. Google will use this information on behalf of the operator to evaluate your use of the webpages, compile reports about the activities on the website, and render to the website operator additional services related to website and Internet use. The IP address transmitted by your browser for Google analytics will not be merged with other Google data.

The legal basis for the use of Google Analytics is the German Broadcast Media Act [TMG], section 15(3), respectively, GDPR, Art. 6(1), p.1 (f). All data transmitted by us and linked to cookies, user information (such as user IDs) or advertising IDs are automatically deleted after 26 months as a result of our event cycles. Once per month all data that has reached the end of their retention period is deleted automatically.

(a) Browser Plug-in

You may set your Browser application to reject the storage of cookies; however, please be advised that by doing so you may not be able to use the full range of our website features. In addition, you are free to inhibit collection of the data generated by the cookie relating to your usage of the webpages (including your IP address) by Google, as well as the processing of these data by Google, by downloading and installing the following browser plug-in via this link: https://tools.google.com/dlpage/gaoptout?hl=de.

(b) Objecting to the collection of your data

You can prevent Google Analytics from collecting your data by clicking on "Recect" in the cookie notice (see above, (2) Cookies).

You can find more information on how to handle Google Analytics in the Google Data Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.

(c) Demographics feature of Google Analytics

Our webpages use the Demographics feature of Google Analytics. It enables the creation of reports containing information about the age, sex and interests of webpage visitors.

This information is extracted from interest-based advertisements of Google as well as third-party visitor data. This information cannot be used to identify any individual.

You may disable this feature at any time in the advisement settings of your Google account, or generally disable collection of your data by Google Analytics as described under "Objecting to the collection of your data".

(10) Online advertisements

User behaviour on our webpages is evaluated in pseudonymised form for the purpose of matching advertisements with your personal interests. The information captured includes data about your activities on this website (e.g. surfing behaviour, sub-pages visited, time spent on each page, etc.). Without your express consent, this information will not be combined with the identity of the bearer of the pseudonym.

The legal basis for this is GDPR, Art. 6(1)(f).

(a) Aumago

We work together with Aumago GmbH (“Aumago”), Berlin, a target audience marketing firm. Aumago uses so-called cookies, text files which are saved by the browser of the computer. Pseudonymised usage information is collected in the form of cookie IDs and advertisement IDs without any IP addresses. Cookie IDs and advertisement IDs without an IP addresses do not provide enough information to identify a natural person behind the browser / user.

Based on the surfing behaviour (websites, categories and product pages visited), Aumago assumes a certain interest in a specific B2B industry sector and uses this information on our behalf to send usage-based online marketing messages in a more targeted manner. The cookies can be synchronised with those from other platforms in a process referred to as Cookie Matching. For example, cookie matching may be performed for: Google, Doubleclick, Adition, Appnexus, Mediamath, The Trade Desk, Adform, Active Agent, yieldlab.

The relevant cookies are either Aumago cookies or cookies from third-party service providers contracted by Aumago, such as TheADEX GmbH, Berlin. Users may opt out using the following link at any time to express their disagreement with this cookie tracking. This will cause a so-called opt-out cookie to be set. The OptOut cookie only works if it is not prevented from being stored on the computer, or deleted, by browser settings. If the opt-out cookie is deleted, the user must opt out again. As alternative options, the user may delete the cookies directly from the browser files, set the Do-not-track option of the browser, or go here to manage his or her cookie preferences. If you would like to find out what information your cookie has captured, please send us your cookie ID.

(b) Google adsense

Our websites use the online advertising service Google AdSense which allows advertisements to be custom-tailored to your personal interests. We use this service for the purpose of presenting you with advertisements which might be of interest to you so as to enhance the value of our website to you. To this end, the service captures statistical information about you which is then processed by our advertisement partners. These advertisements can be identified by the inserted note "Google ad” or “Google-Anzeigen”, respectively.

When you visit our webpages, Google is notified that you have accessed them. To obtain this information, Google uses a web beacon to install a cookie on your computer. The data that is transmitted at this time is detailed under Item II.1. of this policy. The type of data collected is beyond our control and we have no precise knowledge of the scope of the data collection and the duration of data storage. Your data will be transmitted to USA for evaluation. If you have logged on to your Google account, your data can be directly assigned to your account. If you do not wish your page usage data to be assigned to your Google profile, please log off from your Google user account. Your data may be disclosed to Google contractors, other third parties as well as government authorities. The legal basis for processing your data is GDPR, Art. 6(1), p. 1 (f). This website does not include any third-party advertisements via Google AdSense.

There are various ways for you to prevent installation of Google AdSense cookies: (a) Modify your browser settings. Specifically, suppressing third-party cookies will prevent you from receiving third-party advertisements. (b) Disable interest-related Google advertisements using the link www.google.de/ads/preferences; please note that this setting will be deleted when you delete your cookies. (c) Use the link www.aboutads.info/choices to disable interest-related advertisements from providers who have joined the self-regulating campaign “About Ads”. This setting will be deleted when you delete your cookies. (d) If you are using Firefox, Internet Explorer or Google Chrome as a browser, you can disable these cookies permanently by following this link: www.google.com/settings/ads/plugin. Please be advised that by so doing you may not be able to use the full range of features offered by this website.

For further information regarding the purpose and scope of data collection and processing, as well as additional information on your related rights and your configuration options to protect your privacy, please contact: Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; data privacy terms and conditions for advertisements: www.google.de/intl/de/policies/technologies/ads.

(c) Google adwords and google conversion tracking

Our webpages may use Google AdWords to advertise our attractive services on third-party webpages using so-called Google AdWords. We can assess the success of individual advertisements using the advertising campaign data. We use this service for the purpose of presenting you with advertisements which are of interest to you, to enhance the value of our website to you, and to achieve fair advertising cost levels. AdWords is an online advertising application provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

In connection with the use of Google AdWords we also use a technology called Conversion Tracking. Whenever you click an advertisement provided by Google, a conversion tracking cookie is set. Cookies are small text files the user's Internet browser installs on the user’s computer. These cookies expire after 30 days and are not used to make the user personally identifiable. If the user visits specific pages of our website before the cookie expires, both Google and ourselves can recognise that the user has clicked the advertisement and was redirected to that page. Analytics items typically stored along with this cookie include the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) as well as opt-out information (flags indicating that a user no longer wishes to be approached).

Each Google AdWords customer receives an individual cookie. These cookies cannot be tracked by the websites of AdWords Customers. The information collected by the conversion cookies is used to create conversion statistics for AdWords customers who have agreed to use conversion tracking. These customers are told how many users have clicked their advertisement and been redirected to a page bearing a conversion tracking tag. However, they do not receive any information allowing them to personally identify any users. If you do not wish to participate in conversion tracking, you may easily object to the use of this feature by disabling the Google Conversion Tracking cookie in your Internet browser's user settings. When you have done this, you will not be included in any conversion tracking statistics. We exclusively receive statistical evaluations from Google. These evaluations allow us to determine which of our advertisements have been most effective. We do not receive any other data from the use of our advertisements. In particular, we are unable to identify individual users based on this information.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google's use of this tool. Therefore we can only provide the following information based on our current knowledge: By incorporating AdWords Conversion, Google learns that you have accessed a particular section of our website or clicked on one of our advertisements. If you are registered for a Google service, Google may assign your visit to your account. Even if you're not registered or logged on to Google, the provider may obtain and store your IP address.

You can prevent being included in this tracking procedure in several ways:

a)    By setting your browser software accordingly; in particular, suppressing third-party cookies will prevent you from receiving any advertisements from third-party providers;

b)   By disabling cookies for conversion tracking. To do this, set your browser to block cookies from the domain “www.googleadservices.com”, www.google.de/settings/ads; however, this setting will be deleted if you delete your cookies;

c)    By disabling interest-based advertisements from providers who have joined the self-regulating campaign "About Ads” using the link www.aboutads.info/choices. This setting will be deleted if you delete your cookies;

d)   If you are using Firefox, Internet Explorer or Google Chrome as a browser, by disabling these cookies permanently via this link: www.google.com/settings/ads/plugin. Please be advised that by so doing you may not be able to use the full range of features offered by this website.

The legal basis for processing your data is GDPR, Art. 6(1), p. 1 (f). For further information on Google's data privacy protection please visit: www.google.com/intl/de/policies/privacy or services.google.com/sitestats/de.html. As an alternative, you may visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org.

(d) Google analytics remarketing

Our webpages may use Google Analytics Remarketing functionality in combination with the multi-device features of Google AdWords. This functionality is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These features allow the advertising target audiences generated using Google Analytics Remarketing to be linked with the device-independent features of Google AdWords. This means that personalised advertising messages can be adapted to your interests based on your previous user and surfing behaviour on one of your devices (e.g. smartphone) and presented on any of your other devices (e.g. tablet or PC).

Provided that you have given your consent, Google will match your web and app browser history with your Google account for this purpose. As a result, the same personalised advertising messages can be displayed on any device that is logged on to your Google account.

To support this feature, Google Analytics captures Google-authenticated user IDs, which are then temporarily combined with our Google Analytics data to define and create target audiences for advertisement across devices.

You may object to cross-device remarketing/targeting permanently by disabling personalised advertising in your Google account using the following link: www.google.com/settings/ads/onweb/.

For more information please read the Google privacy policy at: www.google.com/policies/technologies/ads/.

(e) Facebook custom audiences (pixel)

Our webpages may use the visitor activity pixel by Facebook (Facebook Custom Audiences), Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) to measure conversion. This enables users of our webpages visiting the social media network Facebook or any other websites using the same method to see interest-related advertisements ("Facebook Ads”). We use this service for the purpose of presenting you with advertisements which are of interest to you so as to enhance the value of our webpages to you.

Based on the marketing tools used, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook's use of this tool. Therefore we can only provide the following information based on our current knowledge: By incorporating Facebook Custom Audiences, Facebook learns that you have accessed a particular section of our website or clicked one of our advertisements. If you are registered for a Facebook service, Facebook may assign your visit to your account. Even if you are not registered or logged on to Facebook, the provider may obtain and store your IP address and other identification information.

This is done to track the behaviour of visitors of our pages. It allows us to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and to optimise future advertisement campaigns.

For us as operators of our website, the data collected in this way remains anonymous, and we are unable to draw any conclusions regarding the identity of any user. However, Facebook will store and process this information. This means that linking it with the relevant user profile is possible, and Facebook may use this information for its own advertising purposes according to the Facebook policy on the usage of user data. This method allows Facebook to place advertisements on Facebook pages as well as non-Facebook websites. As the operator of our website, we have no influence on the way this data is used.

The legal basis for processing your data is GDPR, Art. 6(1), p. 1 (f).

For more information on the way Facebook processes user information please visit www.facebook.com/about/privacy.

For further information about the protection of your privacy please refer to the data privacy policy of Facebook: www.facebook.com/about/privacy/.

You may also disable the remarketing feature called “Custom Audiences” in the advertisement settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen after logging on to Facebook.

If you do not have a Facebook account, you may disable usage-based Facebook advertisements by going to the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

(f) LinkedIn Insight Tag

With your consent, we use the conversion tracking technology and the retargeting function of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA on our website. This technology enables visitors to our website to be shown personalized advertisements on LinkedIn. It is also possible to generate anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. We would like to point out that, as the provider of the website, we have no knowledge of the content of the data transmitted or its use by LinkedIn. The information about your use of our website recorded by the LinkedIn Insight Tag is encrypted. The cookie is stored in the LinkedIn member's browser until the member deletes the cookie or it expires (the expiry date is six months after the member's browser last loaded the insight tag).

The data processing takes place on the basis of your consent and thus on the legal basis of Art. 6 Para. 1 lit. a) GDPR. You can object to the collection and use of your data to display LinkedIn Ads at any time or revoke your consent, e.g. by changing your cookie settings on our site accordingly. LinkedIn members have the option of opting out of LinkedIn conversion tracking and blocking and deleting cookies or deactivating demographic characteristics at www.linkedin.com/psettings/advertising/. In the LinkedIn settings, there is no separate opt-out option for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect the settings of LinkedIn members. You can also deactivate the LinkedIn Insight Conversion Tool and interest-based advertising as a non-member by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In the data protection guideline of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and data usage as well as the possibilities and rights to protect your privacy.

(g) Adform

Our webpages may use the conversion-tracking service of Adform Germany GmbH (below “Adform”) to advertise our attractive services on third-party webpages with suitable means. We can assess the success of individual advertisements using the advertising campaign data. We use this service for the purpose of presenting you with advertisements which are of interest to you, to enhance the value of our website to you, and to achieve fair advertising cost levels.

Cookies are used to measure advertisement success based on specific parameters such as advertisements viewed or user clicks. The cookie is set as soon as you establish contact with an advertisement feature (e.g., a banner) provided via Adform for a Hamburg Messe und Congress GmbH event. The cookie will contain an advertisement ID and remain valid for 60 days. It does not capture any attributes (such as you complete IP address, your first and last name, your address, your e-mail address) that would allow anyone to identify you personally. However, the advertisement ID tells us which advertisement feature made you aware of the Hamburg Messe und Congress GmbH event in question. Hamburg Messe und Congress GmbH will never attempt to merge the advertisement ID with personally identifiable data.

Users who do not wish to participate in conversion tracking may disable the Adform cookie via their browser by going to site.adform.com/privacy-center/overview.

The legal basis for processing your data is GDPR, Art. 6(1), p. 1 (f). For further information on Adform's data privacy protection please visit: https://site.adform.com/privacy-center/overview

(h) EPROFESSIONAL

To analyse the use of our web pages for the purposes of various advertising methods, we use a tracking tool provided by our Data Processor EPROFESSIONAL GmbH, Heidenkampsweg 74–76, 20097 Hamburg in connection with selected events (GDPR, Art. 6(1)(f)).

This tool uses a pixel tag to transmit the following information: HTTP header information, such as the anonymised IP address, the web browser you use, the website URL, the date and time, pixel tag-specific data, including the pixel tag ID and cookie ID, as well as additional information about the visit of our web pages, for example, any orders placed.

You may disable the tracking tool at any time by going here.

(h) Quantcast Pixel

The POLARIS CONVENTION ticket shop uses the website tag from Quantcast (Quantcast Pixel), Quantcast Inc, 201 3 rd St, Floor 2, San Francisco, CA 94103-3153, USA ("Quantcast") for conversion measurement. This enables interest-based advertisements ("Programmatic Advertising") to be displayed to users of our websites. Our interest in doing so is to show you advertising that is of interest to you.
If you agree to the use of marketing cookies, your browser automatically establishes a direct connection with the server of Quantcast. Through the integration of Quantcast pixels, Quantcast receives the information that you have accessed the corresponding web page of our website, or clicked on an advertisement from us. The personal information Quantcast collects does not include information that can be used to identify you directly (for example, Quantcast does NOT collect your name or email address). However, Quantcast does collect information that can indirectly identify you. Some information transmitted by cookies and tags, including log data, is personal information. 
Quantcast may also receive some information about you from third parties and may combine this information with personal information we have collected about you ourselves. Although Quantcast makes predictions about your interests and demographics based on this information, Quantcast does not know who you are. 
Likewise, the data collected is anonymous to us as operators of our websites; we cannot draw any conclusions about the identity of users. 
The legal basis for the processing of your data is Art. 6 para. 1 p.1 lit. f DS-GVO.
For more information on data processing by Quantcast, please visit www.quantcast.com/privacy/.
You can find further information on the protection of your privacy in Quantcast's data protection information: https://www.quantcast.com/privacy/
You can object to the collection and use of your data for the future by setting an opt-out cookie in your browser by clicking on this link: https://www.quantcast.com/opt-out/.

(h) Tik Tok Pixel

We use the TikTok Pixel in the POLARIS CONVENTION ticket shop. The TikTok Pixel is a TikTok Advertiser Tool of the two providers
- TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
- TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both are hereinafter jointly referred to as "TikTok").
The TikTok Pixel is a JavaScript code snippet that allows us to understand and track visitors' activity on our website. For this purpose, the Tiktok Pixel collects and processes information about visitors to our website or the devices they use (so-called event data). For example, when you purchase a product on our website, the TikTok Pixel is triggered and stores your actions on our website in one or more cookies.
Event data collected through the TikTok Pixel is used for targeting our ads and improving ad delivery and personalized advertising. For this purpose, event data collected on our website using the TikTok Pixel is transmitted to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account.
In part, this event data is information stored in the device you are using. In addition, cookies are also used via the TikTok Pixel, through which information is stored on your end device used. Such storage of information by the TikTok Pixel or access to information already stored in your terminal device will only occur with your consent. The legal basis for the collection and transmission of personal data by us to TikTok is therefore Art. 6 (1) a DSGVO. You can revoke your consent at any time via our Consent Management Tool.
TikTok is the sole controller for the processing of the transmitted event data following the transmission. TikTok uses this data to display targeted and personalized advertising to its users and to create interest-based user profiles. The collected data is anonymous and not visible to us and is only used for us in the context of measuring the effectiveness of ad placements. For more information about how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, please see TikTok's Data Policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.
For more information about TikTok's data processing, please visit https://www.tiktok.com/legal/privacy-policy-eea?lang=de.

(11) Other third-party services

We also use the following third-party services:

(a) Linotype Web Fonts

To ensure uniform, proper display of fonts, this page uses so-called Web Fonts provided by Monotype GmbH, Werner-Reimers-Straße 2–4, 61352 Bad Homburg, Germany (also referred to as “Linotype” or “linotype.com”). For this to function, JavaScript code will be loaded into your browser. When you access one of our pages, your browser will also load the required Web Fonts into its cache memory.

If you have enabled JavaScript in your browser and are not using a JavaScript blocker, your browser may transmit personally identifiable data to Linotype. We do not know what other data Linotype may link with these transmitted data, and for what purpose Linotype collects and uses them.

If your browser does not support Web Fonts, it will use a standard font installed on your computer. If you would like to disable the execution of JavaScript code entirely, you may install a JavaScript blocker such as the one provided by www.ghostery.com.

For further information on Linotype Web Fonts and the corresponding data privacy policy please visit https://www.linotype.com/de/2061-18846/datenschutzrichtlinien.html

(b) Google Web Fonts

This page may use so-called Web Fonts provided by Google to ensure the uniform display of fonts. When you access one of our pages, your browser will load the required Web Fonts into its cache memory so texts and fonts will display correctly.

This requires your browser to establish a connection with Google servers, which will tell Google that our webpages have been accessed by your IP address. We use Google Web Fonts to achieve a uniform and attractive appearance of our online services. This constitutes a legitimate interest as stipulated by GDPR, Art. 6(1)(f).

If your browser does not support Web Fonts, it will use a standard font installed on your computer.

For more information about Google Web Fonts please visit https://developers.google.com/fonts/faq and Google's Privacy Policy.

(c) Google Maps

Our webpages may use Google Maps through an API. This functionality is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps it is necessary to store your IP address. This information is typically transmitted to, and stored on, a Google server located in the USA. The provider of this webpage has no influence on the transmission of these data.

We use Google Maps to improve the appearance of our online services and make sure the localities described in our webpages can be found easily. This constitutes a legitimate interest as stipulated by GDPR, Art. 6(1)(f).

For more information about the handling of user data please read the Google data privacy policy.

(d) Audience Response Systeme/Interaction tools

Use of the Slido interaction tool (polls & chats),

During some of our events, participants can use the Slido interaction tool to take part in surveys, cast votes or send questions and impulses via the chat function. The use of Slido is optional and the event can also be followed without Slido.

Q&A: The Q&A function gives participants the opportunity to ask the speakers questions and thus become an active part of the event. For this purpose, participants can ask questions to the speakers after registering (depending on the setting with name only or with name and e-mail address or even without registering at all). After possible moderation, these questions are passed on to the speakers and also made visible to other participants.

Live Polls / Surveys: With the help of the survey function, participants get the chance to share their opinion and take part in surveys. To do this, participants can take part in publicly switched polls after registering (depending on the setting, with name only or with name and e-mail address or even without registering at all).

If the interaction tool is used, this requires the consent of the participants to the use of data by Slido s. r. o.. The corresponding privacy policy can be found on the homepage of Slido s. r. o. (www.sli.do/terms#privacy-policy).

The request for consent is made on the event page via a so-called two-click solution (double opt-in). This means that before the interaction tool is used, reference is made to the privacy policy of the operator of the tool and the consent or agreement to the use of data is given in the form of a click. After that, the interaction tool can be used in the form of a second click. Personal data will only be transmitted after consent has been given.

The data processed by Slido include: Name, e-mail address, company (optional), questions asked, answers to polls, IP address, information about the device used (hardware model, operating software used), time of access, TSL protocol, TSL certificates, information about any system crashes of the interaction tool, hardware settings, language settings, query of pre-installed cookies to identify the browser or any Slido account (if installed on the device used).

 

b. Data security on our webpages

It should be noted that transmitting information over the Internet (e.g. when communicating by e-mail) can expose data to security gaps. It is impossible to guarantee full protection of data transmissions against third-party access.

For security reasons and to protect the transmission of confidential content such as orders or enquiries you send to us as the operators of this website, these webpages use SSL or TLS encryption. You can recognise an encrypted connection when the beginning of your browser's address line switches from “http://” to “https://”, and a small lock symbol appears next to it.

When SSL or TLS encryption is enabled, the information you send to us cannot be read by third parties.

c. Encrypted payment transactions

If you have entered into an agreement with us that includes a payment obligation which requires transmission of your payment information to us (e.g. account number for us to withdraw a specified amount), this information is needed to carry out the financial transaction.

All payments using common payment methods (such as Visa/MasterCard, PayPal) are exclusively transacted through encrypted SSL or TLS connections. You can recognise an encrypted connection when the beginning of your browser's address line switches from “http://" to “https://”, and a small lock symbol appears next to it.

Encrypted communication prevents third parties from reading any information you send to us.

We have installed video cameras on our premises. In the event that our video cameras record any images of you, your personally identifiable data may be subject to processing. We use our video cameras to protect our property (or the property of third parties) or our householder's rights (or those of third parties). Ostentatious video monitoring is intended to be preventive and, by being obvious, avert any potential hostile activities directed against us. Furthermore, recorded video footage may be used to investigate criminal acts and other relevant events. It also permits us to prosecute criminal acts, enforce legitimate claims and provide legal evidence. Video monitoring also allows us to control vehicle and visitor traffic on our premises. Finally, video recordings may, within the scope of applicable law in a given case, may serve the purpose of uncovering violations of work or training-related responsibilities and provide evidence of the circumstances thereof. In such cases, video recordings are used to enforce specific measures under employment law up to and including termination of an existing work or training relationship.

The legal basis for processing this data for the purpose of protecting property and our householder's rights is GDPR, Art. 6(1), p. 1 (f). The Data Controller’s legitimate interests in processing the data are described in the paragraph above. To the extent that the data processed is video footage showing the behaviour of an employee, trainee or job applicant, data processing is covered by the provisions of the GDPR in connection with the German Federal Data Protection Act (BDSG), section 26.

Since storage of the data is based upon due balancing of the Data Controller's interests and those of the Data Subject, the existing interests and any change thereof are key criteria for the duration of storage. As a matter of principle, the data will be erased as soon as the Data Controller's legitimate interests no longer exist or no longer supersede your interest in erasure. Video recordings are never stored for more than a few days. In the event that video recordings are required to assert, defend or exercise legal claims, enforce employer measures or serve as evidence and aid in the investigation of specific facts, this data will be stored until these purposes have been achieved.

Further exceptions from the erasure rules may arise from the provisions of the GDPR and German Federal law, in particular the German Privacy Act (BDSG).

If you give us your business card or tell us your contact information by telephone expressly for business purposes the first time you contact us, we will submit this Data Privacy Policy to you based on your consent (GDPR Art. 6(1)(a)) given during our first electronic correspondence (follow-up or newsletter), or based on your consent to pre-contractual activities.

You may revoke your consent at any time. You may do so in an informal e-mail message to privacy(at)hamburg-messe(dot)de.

By allowing your admission ticket to be scanned by an exhibitor/visitor during an event, you agree to your participation in the Lead Tracking programme.

This means that as a visitor you agree that we will, upon the exhibitor's/visitor`s request, transmit to the exhibitor/visitor your personally identifiable data (title information, surname, first name, company, street address, postal code, city, e-mail address, industry if applicable) which the exhibitor/visitor may use for the purpose individually agreed with you.

As a visitor you are free to participate or decline participation in the service. You are free to revoke your consent given to the exhibitor/visitor (GDPR, Art. 6(1)(a)) at any time.

You may use our wireless computer network in our conference and event buildings free of charge. To do so you must register with us. The following data must be provided for registration:

  • Form of address,
  • First and last name,
  • E-mail address.

We will process this data for the purposes of providing our wireless computer network, defending ourselves against third-party claims, and managing our customers, in particular, providing you with event-specific information e-mails relating to the events you visit.

If you choose to use a premium account for a fee, you data will also be processed by us or a service partner contracted by us for the purposes of contract execution.

The information required for registration must be provided in full. We cannot accept incomplete registration.

The data you provide through your registration will be processed for the purpose of contract performance (GDPR, Art. 6(1), p.1 (b)). The legal basis for processing personally identifiable data is GDPR, Art. 6(1), p. 1 (f).

Our legitimate interests are the provision of our wireless computer network, and defending our legal claims if applicable.

We will save your personally identifiable data pursuant to Item I.6.

When we organise lotteries (tombolas, competitions etc.) we collect personal data form the participants for the purpose of carrying out the lottery. Depending on the specific occasion, this personal data may include, without being limited to, the following:

  • Name
  • E-mail address
  • Form of address (voluntary)
  • Telephone Number (voluntary)

The personal data we collect will be processed as required to conduct the respective lottery. The legal basis for this is GDPR, Art. 6(1)(f). Our legitimate interest consists in offering lotteries to you while raising your awareness of our own, internally-organised events. Furthermore we may use your personal data to inform you by e-mail about our own events (the legal basis being GDPR, Art. 6(1)(f)). You may object to such data processing at any time by sending a message to privacy(at)hamburg-messe(dot)de .

Provided that we make a prize available to you under our contractual obligation when conducting a lottery, we do so on the basis of GDPR, Art. 6(1)(b). To this end we may disclose your data to the sponsor of the lottery, if required (which is always a company that is in some way connected to our own events).

Swapcard
At some of our events, functions and content of the service Swapcard, offered by SWAPCARD CORPORATION SAS, 6 Rue du Paradis, 75010 Paris, France, are integrated in cooperation with Informa Markets, 240 Blackfriars Rd, London SE1 8BF, Great Britain. By participation in the event, the Client can access the platform automatically in order to network with other participants before, during and after the event.

The following customer data is stored on the platform:

  • Account name
  • Title
  • Salutation
  • Surname
  • First Name
  • Email address
  • Company name
  • Fax number
  • Street address
  • Post code
  • Town
  • Region
  • Country code
  • Country code
  • Position
  • Phone number
  • Ticket type of person for the fair
  • Function in the company
  • Department in the company
  • Branch of the company

As a user, the Client has the option of deciding whether he or she wants to be visible to other participants. An order processing agreement has been concluded with Swapcard. The Client's data is processed by Swapcard exclusively on the servers of AWS in Ireland within the European Union. The legal basis for the processing of personal data is Art. 6 (1) lit b and f GDPR. Further information on data protection and data processing at Swapcard can be found here: https://www.swapcard.com/privacy-policy

In our parking facilities, which are operated ticketless, the registration number of our employees, service providers and business partners is recorded in accordance with GDPR, Art.6 Para. 1 lit. f as well as § 4 Federal Data Protection Act due to our legitimate interest, mainly for the purpose of safeguarding the right of access and entry control. Automatically recorded data will be deleted immediately after leaving the parking facility, unless there is a concrete reason for longer storage.

We would like to inform you below about the processing of personal data in connection with the use of ‘Microsoft Teams’.

 

Purposes and legal bases of processing

We use the ‘Microsoft Teams’ tool to conduct telephone conferences, online meetings and/or video conferences (hereinafter: ‘online meetings’). ‘Microsoft Teams’ is a service of Microsoft Corporation

Please note that this data protection notice only informs you about the processing of your personal data by us if you hold online meetings with us. If you access the ‘Microsoft Teams’ website, the provider of ‘Microsoft Teams’ is responsible for data processing. If you require information about the processing of your personal data by Microsoft, please refer to the relevant Microsoft statement

Various types of data are processed when you use ‘Microsoft Teams’. The scope of the data also depends on the data you provide before or when participating in an ‘online meeting’.

The following personal data is processed

  • IP address
  • User details: e.g. display name (‘display name’), e-mail address if applicable, profile picture (optional), preferred languag
  • Meeting metadata: e.g. date, time, meeting ID, telephone numbers, locatio
  • Text, audio and video data: You may have the option of using the chat function in an ‘online meeting’. In this respect, the text entries you make are processed in order to display them in the ‘online meeting’. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the ‘Microsoft Teams’ applications.

The legal basis for data processing when conducting ‘online meetings’ is your consent in accordance with Art. 6 para. 1 letter a and/or Art. 6 para. 1 letter b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our interest here is in the effective organisation of ‘online meetings’ to improve communication.

 

Recipients / disclosure of personal data

Personal data that is processed in connection with participation in ‘online meetings’ is not passed on to third parties unless it is specifically intended to be passed on. Please note that content from ‘online meetings’ as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on

Other recipients: The provider of ‘Microsoft Teams’ necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with ‘Microsoft Teams’.

 

Transfer of personal data to a third country

‘Microsoft Teams’ is part of Microsoft Office 365 and a service offered by a European subsidiary of Microsoft Corporation based in the USA. Data processing with Office 365 takes place on the basis of the Microsoft EU Data Boundary on servers in data centres in the European Union in Ireland and the Netherlands

Nevertheless, we cannot completely rule out the possibility that Microsoft Corporation or US security authorities may have access to the circumstances and content of communication via Microsoft Teams. Microsoft Corporation may also have access to the data in the context of remote maintenance. However, if data can also be processed by Microsoft outside the EU, we take appropriate and reasonable measures to ensure an adequate level of data protection, e.g. by concluding so-called EU standard contractual clauses

Microsoft reserves the right to process usage data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent that ‘Microsoft Teams’ processes personal data in connection with legitimate business purposes, Microsoft is independently responsible for these data processing activities and as such is responsible for compliance with all applicable data protection regulations. If you require information about the processing by Microsoft, please consult the relevant Microsoft statement or contact Microsoft directly. You can find information on this here: privacy.microsoft.com/de-de/privacystatement or learn.microsoft.com/de-de/microsoftteams/teams-privacy.

 

Duration of storage of personal data

We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and guarantee claims.

If the data is no longer required for the fulfilment of the processing purposes described above, it will be deleted unless its - temporary - further processing is required for the following purposes

Fulfilment of retention obligations under commercial and tax law: The German Commercial Code (HGB) should be mentioned. The retention and documentation periods specified there are up to ten years

Preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.

The following processing operations are stored for an explicitly defined period:

  • Login data and IP addresses are deleted at the latest after Microsoft's standard period/setting (currently 90 days ).
  • The chat content during an online meeting is logged when using ‘Microsoft Teams’ and remains in the chat histories of all meeting participants.
  • Recordings of online meetings are automatically deleted after the standard Microsoft period/setting (currently 60 days).

 

III. Privacy policy for the mobile app